Containerfile
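# Shared base stage: runtime packages and the environment used by both the
# build stage and the final image.
# NOTE(review): the 9.4 tag is mutable; pinning by digest
# (ubi9-minimal:9.4@sha256:<digest>) would make rebuilds reproducible.
FROM registry.access.redhat.com/ubi9-minimal:9.4 AS base

# Let's declare where we're installing nginx
ENV APP_ROOT=/opt/app-root
ENV APP_HOME=${APP_ROOT}/src
ENV APP_DOWNLOAD=${APP_ROOT}/download
ENV APP_CERTS=${APP_ROOT}/certs
ENV APP_RHPROXY_ENV=${APP_ROOT}/rhproxy-env

# Let's define the nginx defaults
ENV NGINX_VERSION="1.24.0"
ENV NGINX_USER="nginx"
ENV NGINX_GROUP="nginx"
ENV NGINX_UID="1001"
ENV NGINX_GID="1001"
ENV NGINX_BASE=${APP_ROOT}/nginx
ENV NGINX_DEFAULT_CONF_PATH=${NGINX_BASE}/etc/nginx.default.d
ENV NGINX_PERL_MODULE_PATH=${NGINX_BASE}/etc/perl
ENV NGINX_CONF_DIR=${NGINX_BASE}/etc/nginx
ENV NGINX_CONF_PATH=${NGINX_CONF_DIR}/nginx.conf
ENV NGINX_CONFIGURATION_PATH=${NGINX_BASE}/etc/nginx.d
ENV NGINX_LOG_PATH=/var/log/nginx

# Let's define the rhproxy defaults
ENV RHPROXY_CONF_DIR=${NGINX_CONF_DIR}/rhproxy

# Let's declare the rhproxy configurable parameters
ENV RHPROXY_DISABLE="0"
ENV RHPROXY_DEBUG_CONFIG="0"
ENV RHPROXY_SERVICE_PORT=3128
# The default resolver is a public third-party DNS service. Presumably it is
# consumed by the nginx configuration template (not visible here); override it
# where proxied hostnames must be resolved by an internal resolver.
ENV RHPROXY_DNS_SERVER="1.1.1.1"

# Let's enable the rhproxy web server parameters
ENV RHPROXY_WEB_SERVER_DISABLE="0"
ENV RHPROXY_WEB_SERVER_PORT=8443

# WORKDIR creates ${APP_HOME} (and therefore ${APP_ROOT}) if missing.
WORKDIR ${APP_HOME}
RUN mkdir ${NGINX_BASE}

# Runtime packages. Everything installed here is inherited by the final image
# because it is built FROM base.
# NOTE(review): less, procps-ng, util-linux and vim look like interactive
# debugging aids; dropping them from the runtime image would reduce its attack
# surface, but confirm the entrypoint scripts do not rely on them first.
# The package cache is removed in the same layer so it does not persist.
RUN microdnf install -y \
        gettext \
        zlib \
        libaio \
        openssl \
        shadow-utils \
        procps-ng \
        less \
        util-linux \
        vim \
    && microdnf clean all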
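# Build nginx with the http_proxy_connect module.
# This stage is discarded; only ${NGINX_BASE} is copied into the final image.
FROM base AS build

# Optional supply-chain pins. Both default to empty, which keeps the previous
# behaviour: the tarball is not checksum-verified and the module is built from
# whatever the tip of its default branch is at build time.
#   NGINX_SHA256             expected SHA-256 of nginx-${NGINX_VERSION}.tar.gz
#   PROXY_CONNECT_MODULE_REF commit (or tag) of ngx_http_proxy_connect_module
# Set both for release builds so the compiled code is reproducible and a
# tampered download fails the build. nginx.org also publishes detached PGP
# signatures (.asc) next to each tarball.
ARG NGINX_SHA256=""
ARG PROXY_CONNECT_MODULE_REF=""

# Toolchain and development headers needed to compile nginx and its modules.
RUN microdnf install -y \
        gcc \
        gcc-c++ \
        kernel-headers \
        make \
        zlib-devel \
        pcre-devel \
        tar \
        wget \
        git \
        patch \
        openssl-devel \
        libxml2-devel \
        libxslt-devel \
        gd-devel \
        perl

# Fetch, patch, configure and build nginx.
# - The tarball is fetched over HTTPS rather than plain HTTP so the source
#   cannot be altered in transit by an on-path party.
# - NOTE(review): --with-debug compiles debug logging into the binary; consider
#   dropping it for release builds.
# - NOTE(review): several enabled modules (dav, flv, mp4, mail, perl,
#   image_filter, xslt) are not obviously required for a CONNECT forward proxy.
#   The nginx.conf template is not visible here, so the set is left unchanged;
#   trimming unused modules would reduce the attack surface.
RUN mkdir -p /opt/app-root/src \
    && cd /opt/app-root/src \
    && git clone https://github.com/chobits/ngx_http_proxy_connect_module \
    && if [ -n "${PROXY_CONNECT_MODULE_REF}" ]; then \
           git -C ngx_http_proxy_connect_module checkout --detach "${PROXY_CONNECT_MODULE_REF}"; \
       fi \
    && wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz \
    && if [ -n "${NGINX_SHA256}" ]; then \
           echo "${NGINX_SHA256}  nginx-${NGINX_VERSION}.tar.gz" | sha256sum -c -; \
       fi \
    && tar xfz nginx-${NGINX_VERSION}.tar.gz \
    && cd nginx-${NGINX_VERSION} \
    && patch -p1 < ../ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_102101.patch \
    && CLIENT_BODY_TEMP_PATH=${NGINX_BASE}/var/lib/nginx/tmp/client_body \
    && HTTP_PROXY_TEMP_PATH=${NGINX_BASE}/var/lib/nginx/tmp/proxy \
    && HTTP_FASTCGI_TEMP_PATH=${NGINX_BASE}/var/lib/nginx/tmp/fastcgi \
    && HTTP_UWSGI_TEMP_PATH=${NGINX_BASE}/var/lib/nginx/tmp/uwsgi \
    && HTTP_SCGI_TEMP_PATH=${NGINX_BASE}/var/lib/nginx/tmp/scgi \
    && ./configure --prefix=${NGINX_BASE}/usr/share/nginx --sbin-path=${NGINX_BASE}/usr/sbin/nginx \
        --modules-path=${NGINX_BASE}/usr/lib64/nginx/modules \
        --conf-path=${NGINX_BASE}/etc/nginx/nginx.conf \
        --error-log-path=${NGINX_LOG_PATH}/error.log \
        --http-log-path=${NGINX_LOG_PATH}/access.log \
        --http-client-body-temp-path=${CLIENT_BODY_TEMP_PATH} \
        --http-proxy-temp-path=${HTTP_PROXY_TEMP_PATH} \
        --http-fastcgi-temp-path=${HTTP_FASTCGI_TEMP_PATH} \
        --http-uwsgi-temp-path=${HTTP_UWSGI_TEMP_PATH} \
        --http-scgi-temp-path=${HTTP_SCGI_TEMP_PATH} \
        --pid-path=${NGINX_BASE}/run/nginx.pid \
        --lock-path=${NGINX_BASE}/run/lock/subsys/nginx \
        --user=${NGINX_USER} \
        --group=${NGINX_GROUP} \
        --with-compat \
        --with-debug \
        --with-file-aio \
        --with-http_addition_module \
        --with-http_auth_request_module \
        --with-http_dav_module \
        --with-http_degradation_module \
        --with-http_flv_module \
        --with-http_gunzip_module \
        --with-http_gzip_static_module \
        --with-http_image_filter_module=dynamic \
        --with-http_mp4_module \
        --with-http_perl_module=dynamic \
        --with-http_random_index_module \
        --with-http_realip_module \
        --with-http_secure_link_module \
        --with-http_slice_module \
        --with-http_ssl_module \
        --with-http_stub_status_module \
        --with-http_sub_module \
        --with-http_v2_module \
        --with-http_xslt_module=dynamic \
        --with-mail=dynamic \
        --with-mail_ssl_module \
        --with-openssl-opt=enable-ktls \
        --with-pcre \
        --with-pcre-jit \
        --with-stream=dynamic \
        --with-stream_realip_module \
        --with-stream_ssl_module \
        --with-stream_ssl_preread_module \
        --with-threads \
        --add-dynamic-module="/opt/app-root/src/ngx_http_proxy_connect_module" \
    && mkdir -p ${CLIENT_BODY_TEMP_PATH} ${HTTP_PROXY_TEMP_PATH} ${HTTP_FASTCGI_TEMP_PATH} ${HTTP_UWSGI_TEMP_PATH} ${HTTP_SCGI_TEMP_PATH} \
    && make \
    && make install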
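# Build image
FROM base AS final

# Let's make sure NGINX access and error logs go to stdout and stderr.
# ln -sf creates (or replaces) the link, so no prior touch is needed.
RUN mkdir -p ${NGINX_LOG_PATH} \
    && ln -sf /dev/stdout ${NGINX_LOG_PATH}/access.log \
    && ln -sf /dev/stderr ${NGINX_LOG_PATH}/error.log

# Setup the user's environment
ENV HOME=${APP_HOME}
# NOTE(review): --groups root adds the runtime user to GID 0 as a supplementary
# group, so it can write to any group-root-writable path in the image. Confirm
# this membership is actually required by the deployment target.
RUN groupadd --gid ${NGINX_GID} ${NGINX_GROUP} \
    && useradd --uid ${NGINX_UID} --gid ${NGINX_GROUP} --groups root --shell /bin/bash --home-dir ${APP_HOME} --create-home ${NGINX_USER}

# Let's copy the built nginx
COPY --from=build ${NGINX_BASE} ${NGINX_BASE}

# Let's make sure the rhproxy config, web content, certs, downloads and
# rhproxy-env directories are created:
RUN mkdir -p \
        ${RHPROXY_CONF_DIR} \
        ${APP_HOME}/img/ \
        ${APP_CERTS} \
        ${APP_DOWNLOAD} \
        ${APP_RHPROXY_ENV}

# Add rhproxy sources. COPY is used instead of ADD: these are plain local
# files, and COPY never auto-extracts archives or fetches URLs.
# Directory destinations end in "/" so a multi-file wildcard match is
# unambiguous.
COPY app/etc/nginx/nginx.conf.template ${NGINX_CONF_PATH}.template
COPY app/etc/nginx/*.server_names ${RHPROXY_CONF_DIR}/
COPY app/etc/*.sh ${APP_ROOT}/etc/

# Copy and set the rhproxy entrypoint:
COPY app/entrypoint.sh ${APP_ROOT}/

# Copy the web server content:
COPY app/src/*.html ${APP_HOME}/

# Let's have nginx own the app
USER 0
# NOTE(review): this makes the runtime user the owner of everything under
# ${APP_ROOT}, including the nginx binary, its modules and entrypoint.sh, so a
# compromised nginx process could rewrite them. Ownership limited to the
# directories written at start-up would be tighter; left unchanged because the
# entrypoint scripts are not visible here.
RUN chown -R ${NGINX_USER}:${NGINX_GROUP} ${APP_ROOT}

# Note: the --pid-path and --lock-path given to ./configure in the build stage
# are not honored, so /run and /run/lock are opened to the runtime user and to
# group root (mode 775).
RUN chown ${NGINX_USER}:root /run /run/lock \
    && chmod 775 /run /run/lock

# Drop privileges; the numeric UID lets runtimes verify the image is non-root.
USER ${NGINX_UID}

# Exposing the rhproxy and Web server ports
EXPOSE ${RHPROXY_SERVICE_PORT}
EXPOSE ${RHPROXY_WEB_SERVER_PORT}

# Exec form: bash runs as PID 1 and receives stop signals directly.
# NOTE(review): entrypoint.sh is not visible here; it should exec nginx so the
# server itself receives SIGTERM/SIGQUIT on container stop.
CMD ["/bin/bash", "/opt/app-root/entrypoint.sh"]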